Two-Thirds of Phishing Emails in Ed Use 'Attached Invoice' Ploy

The most common form of phishing email in education tends to include an attached invoice; 66 percent of hacker attempts use the attached invoice ploy to get unwary recipients to click on an infected link; another 28 percent use a payment notification scheme; and 6 percent try online order tricks.

The findings were shared by digital security vendor Cofense, in its "State of Phishing Defense 2018" report. The company provides online services to organizations that automates response to suspicious emails and also helps them condition their employees to recognize and report phishing. (In other words, the company facilitates employers sending fake emails to test how savvy their workforce is.) For the report, Cofense used data gathered through the experiences of 1,400 clients in 23 industries around the world covering real attack attempts correlated with customer simulation data.

The same analysis found that 11 percent of malicious emails in education reported turned out to be actual phishing attempts, slightly higher than the cross-industry rate of 10 percent. The others were ordinary emails that users just thought were fake. Of course, as the report's authors pointed out, "It takes just one successful phish to inflict a costly toll."

The top phishing campaigns tended to use "invoice" in the subject header. That word appeared in seven of the top 10 headers for actual phishes. Also highly popular: "payment remittance," "statement" and "payment."

More than half of reported phishes across all segments (53 percent) were sent to collect user logins, according to Cofense. This "credential phishing" typically includes a link to a malicious landing page, enabling criminals to gain access to internal data or "establish a network foothold." To protect against this delivery mechanism for malware, the company recommended that organizations use a "steady diet of credential phishing" in their simulation programs., particularly if the operation uses a lot of cloud services.

The report, which called Microsoft Office macros "the Domino's of malware delivery," said that nearly half of all malware analyzed (45 percent) currently "lurks" in Office macros. One option is for schools to disable macros in emails, forcing users to "enable" content before they work with it. Another approach is to block or "gray-list" documents from both known malware sources and unknown sites and balance that with user education.

The security firm recommended that organizations train users "to view attachments suspiciously," especially if they include invoices, online orders or anything that might contain a macro. Also, users need to be on the watch especially during intense periods of financial processing, such as end-of-month, end-of-quarter and end-of-year periods.

Cofense also suggested that organizations run phishing simulations based on real threats and the newest subjects or themes that have been circulating.

"We see phishing emails bypass technology controls every day and more and more end-users recognizing and reporting these threats that slipped past million-dollar defenses," said Aaron Higbee, co-founder and chief technology officer of Cofense, in a statement. "The results of our research...shows that resiliency is building across key industries thanks to those same people that were once deemed as the weakest-links in an organization. These trends are powerful and reinforce that humans are a key element to a successful security program."

The full report, with additional recommendations, is available with registration on the Cofense website.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • laptop on a desk with an AI symbol on screen

    New AI Teaching Assistant Helps Make Lesson Plans with VR Content

    Virtual and augmented reality solution provider Lobaki has introduced Lobaki Liaison, an AI-powered teaching assistant designed to help educators navigate and implement VR content in their classrooms.

  • interconnected glowing nodes and circuits in blue and green, forming a neural network on a dark background with a futuristic design

    Tech Giants Launch $100 Billion National AI Infrastructure Project

    OpenAI, SoftBank, and Oracle have announced a new venture, Stargate, through which they aim to build a massive AI infrastructure network across the United States. The initiative, which was announced at the White House with President Donald Trump, has been described as the "largest AI infrastructure project in history."

  • teacher and children working with a LEGO Education Science kit

    LEGO Education Debuts Science Kits for Hands-on Learning

    LEGO Education has announced a new learning solution to engage students in hands-on science learning. Available in three kits by grade band, LEGO Education Science provides 120-plus standards-aligned science lessons, teacher materials, and select LEGO bricks and hardware.

  • futuristic AI interface with glowing data streams and abstract neural network patterns

    OpenAI Launches Its Largest AI Model Yet

    OpenAI has introduced GPT-4.5, its largest AI model to date, code-named Orion. The model, trained with more computing power and data than any previous OpenAI release, is available as a research preview to select users.